search

macchiato-framework / macchiato-core

Ring style HTTP server abstraction for Node.js
MIT License
377 stars 35 forks source link

Unable to set Secure flag on the cookies #45

Closed pratikpai closed 4 years ago

pratikpai commented 4 years ago

I am trying to set the secure flag on the cookie which doesn't seem to work.

From the below code it looks like when I set the :secure true, it sets the :signed attribute which is not similar to :secure.

(defn- translate-cookie-opts [{:keys [secure max-age expires http-only path domain overwrite?]}]
  (clj->js
    (merge
      (when secure {:signed true})
      (when max-age {:maxAge max-age})
      (when path {:path path})
      (when domain {:domain domain})
      (when expires {:expires expires})
      (when (some? http-only) {:httpOnly http-only})
      (when overwrite? {:overwrite overwrite?}))))

Should that be something like below?

(defn- translate-cookie-opts [{:keys [secure signed max-age expires http-only path domain overwrite?]}]
  (clj->js
    (merge
      (when secure {:secure true})
      (when signed {:signed true})
      (when max-age {:maxAge max-age})
      (when path {:path path})
      (when domain {:domain domain})
      (when expires {:expires expires})
      (when (some? http-only) {:httpOnly http-only})
      (when overwrite? {:overwrite overwrite?}))))

The above code is in the below file: https://github.com/macchiato-framework/macchiato-core/blob/bb054b84364ab8a0348579bf6126df8be06ddb01/src/macchiato/cookies.cljs#L38

yogthos commented 4 years ago

Thanks for the heads up, and I think you're right. I just pushed out 0.2.19 with the change.